Search Privacy Violations, Breaches and Complaints
This database was last updated in December 2015 ago and should only be used as a historical snapshot. More recent data on breaches affecting 500 or more people is available at the U.S. Department of Health and Human Services’ Breach Portal.
EISENHOWER MEDICAL CENTER
Cited by the California Department of Public Health for a violation of California’s Health and Safety Code relating to medical privacy during an inspection that began on April 21, 2015. Also cited in 279 other reports.
Report ID: DLNX11, California Department of Public Health
Reported Entity: EISENHOWER MEDICAL CENTER
Issue:
Based on interview and record review, the facility failed to ensure the Protected Health Information (PHI) of Patient A remained confidential. This failure resulted in the unauthorized access of Patient A's PHI by one facility employee, Staff Member (SM) 1.Findings:A review of Patient A's record was conducted. Patient A was admitted to the facility on March 18, 2015, with a diagnosis of metastatic carcinoma. The Medical Social Worker documentation dated March 26, 2015, at 10:16 a.m. indicated, "The pt (patient) states he is a (facility) employee and has not received visits from peers per his choice."An interview was conducted with the facility's Information Privacy Manager (IPM) on April 21, 2015, at 10:30 a.m. The IPM stated the facility received a complaint on their "hot line," on March 30, 2015, at 6:01 p.m., which indicated on March 26, 2015, facility employees accessed the medical record of Patient A who was currently an inpatient.The IPM further stated after an investigation, it was determined that one facility employee, SM 1, accessed Patient A's medical record. The IPM stated SM 1 indicated he accessed and viewed Patient A's medical record because he "wanted to know where (Patient A) was located in the hospital (and he) cared about him" and "wanted to see how he was doing."The IPM stated SM 1 further indicated he was aware accessing Patient A's medical record was a violation of the Health Insurance Portability and Accountability Act (HIPAA).A review of Patient A's PHI which was accessed by SM 1 was conducted. The PHI accessed included Patient A's name, date of birth, admitting diagnosis, date of a prior hospitalization, medical record and account numbers, health insurance information, laboratory tests and results.Patient A was notified by mail of the unauthorized access to his medical records on April 17, 2015.A review of the facility policy, "Information Privacy (Last Reviewed/Revised (04/02/2015)," was conducted. The policy indicated the definition of unauthorized or unlawful access, use or disclosure is, "The viewing or retrieval of an individual's PHI either electronically or in paper form when this information is for purposes not relevant to the workforce member's treatment, payment process or hospital related administrative purposes."
Outcome:
Deficiency cited by the California Department of Public Health: Health & Safety Code 1280